Today, AWS Identity and Access Management (IAM) updated the IAM policy simulator to help you to test, verify, and understand resource-level permissions in your account. The policy simulator is a tool that lets you examine and validate the permissions your policies set. Now, the policy simulator will automatically provide a list of resources that must be set in order to simulate the action accurately. For example, when you simulate a call to EC2 runInstances in the policy simulator, now you will be prompted for the six resources (e.g. instance, security group, volume, subnet, image, and network interface) required in order for users to successfully perform this action. These enhancements to the simulator can help you verify that your policies work as expected. Using the IAM policy simulator console or APIs you can now simulate the exact scenario in which your users or applications call an AWS action.